Profile picture of Anish

Anish Athalye

GitHub: @anishathalye
Twitter: @anishathalye


I am a PhD candidate at MIT in the PDOS group. I’m interested in formal verification, systems, security, and machine learning.

In the past, I’ve been an undergraduate at MIT, and I’ve interned at OpenAI, Dropbox, Google, and ORNL. During undergrad, I co-founded Code for Good and helped run HackMIT.


  1. Verifying Hardware Security Modules with Information-Preserving Refinement

    Anish Athalye, M. Frans Kaashoek, and Nickolai Zeldovich.

    16th USENIX Symposium on Operating Systems Design and Implementation (OSDI 2022).

  2. Pervasive Label Errors in Test Sets Destabilize Machine Learning Benchmarks

    Curtis G. Northcutt, Anish Athalye, and Jonas Mueller.

    35th Conference on Neural Information Processing Systems (NeurIPS 2021)
    Track on Datasets and Benchmarks

  3. Notary: A Device for Secure Transaction Approval

    Anish Athalye, Adam Belay, M. Frans Kaashoek, Robert Morris, and Nickolai Zeldovich.

    27th ACM Symposium on Operating Systems Principles (SOSP 2019).

  4. Obfuscated Gradients Give a False Sense of Security: Circumventing Defenses to Adversarial Examples

    Anish Athalye*, Nicholas Carlini*, and David Wagner.

    35th International Conference on Machine Learning (ICML 2018).

    (Best Paper Award)

  5. Synthesizing Robust Adversarial Examples

    Anish Athalye*, Logan Engstrom*, Andrew Ilyas*, and Kevin Kwok.

    35th International Conference on Machine Learning (ICML 2018).

  6. Black-box Adversarial Attacks with Limited Queries and Information

    Andrew Ilyas*, Logan Engstrom*, Anish Athalye*, and Jessy Lin*.

    35th International Conference on Machine Learning (ICML 2018).

  7. pASSWORD tYPOS and How to Correct Them Securely

    Rahul Chatterjee, Anish Athalye, Devdatta Akhawe, Ari Juels, and Thomas Ristenpart.

    37th IEEE Symposium on Security and Privacy (SP 2016).

    (Distinguished Student Paper Award)

Short Papers

  1. The K2 Architecture for Trustworthy Hardware Security Modules

    Anish Athalye, M. Frans Kaashoek, Nickolai Zeldovich, and Joseph Tassarotti.

    1st Workshop on Kernel Isolation, Safety and Verification (KISV 2023).

  2. Leakage models are a leaky abstraction: the case for cycle-level verification of constant-time cryptography

    Anish Athalye, M. Frans Kaashoek, Nickolai Zeldovich, and Joseph Tassarotti.

    1st Workshop on Programming Languages and Computer Architecture (PLARCH 2023).

  3. rtlv: push-button verification of software on hardware

    Noah Moroze, Anish Athalye, M. Frans Kaashoek, and Nickolai Zeldovich.

    5th Workshop on Computer Architecture Research with RISC-V (CARRV 2021).

  4. Evaluating and Understanding the Robustness of Adversarial Logit Pairing

    Logan Engstrom*, Andrew Ilyas*, and Anish Athalye*.

    NeurIPS 2018 Workshop on Security in Machine Learning (SECML 2018).

  5. On the Robustness of the CVPR 2018 White-Box Adversarial Example Defenses

    Anish Athalye* and Nicholas Carlini*.

    The Bright and Dark Sides of Computer Vision: Challenges and Opportunities for Privacy and Security (CV-COPS 2018).


  1. On Evaluating Adversarial Robustness

    Nicholas Carlini, Anish Athalye, Nicolas Papernot, Wieland Brendel, Jonas Rauber, Dimitris Tsipras, Ian Goodfellow, Aleksander Madry, and Alexey Kurakin.